If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below. ** If you are logged in, most ads will not be displayed. **

I think I have been hacked, root password has been changed

I turn on my fedora 9 and I am browsing through files and I see that an account by the name of SirLnX, in my /home directory. My firewall is down, but it has been for a while. I also had torrent running so my IP could have been found. I can't change any system settings becuase the root password is different. Please help me, I have no about what to do.

Sure you can probably fix it, but will you ever trust the machine again? Next time something acts up, will you still think you didn't fix it correctly? I would never trust this machine until I did a complete format/re-install.

also, unless you have a specific reason to have it running, disable ssh, as that is most likely how the intruder got in ( esspecialy if your root PW is not very strong, a brute force attack can do you in easily. )

If you DO need open, then I would suggest you disable root login via ssh, and disable password authentication in favor of a keypair. This is not as convinient, as you need to have a copy of your private key any time you want to login, but it reduces the chance of an intrusion via ssh to a VERY minimal chance (unless they obtain your key somehow, it is pretty much imposible. )

Changing the port it runs on will help to, but not nearly as much as the methods described below, it will just save you from the most useless of script kiddies.